Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/l4mDxpYc8ZhxGDvpkJyCZznAOYc.roa
File:                     l4mDxpYc8ZhxGDvpkJyCZznAOYc.roa (raw, json)
Hash identifier:          a8QTkAfzo1wjtNQBPoGBT5zvAA0qflTXkgaTmc9Wi8I=
Subject key identifier:   97:89:83:C6:96:1C:F1:98:71:18:3B:E9:90:9C:82:67:39:C0:39:87
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD06CC8D096D56569FE1D3659E4DC
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/l4mDxpYc8ZhxGDvpkJyCZznAOYc.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39112
IP address blocks:        82.177.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d0:6c:c8:d0:96:d5:65:69:fe:1d:36:59:e4:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=978983c6961cf19871183be9909c826739c03987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f2:ca:2b:1e:2c:75:89:2e:e8:82:70:69:7d:
                    55:aa:31:c0:14:e5:9d:51:a6:59:6b:ba:98:f2:cd:
                    2e:1b:cb:85:e4:9d:22:e8:31:0f:ed:43:95:f6:86:
                    94:86:17:ff:e3:8a:2d:72:c2:91:f8:bc:9d:cd:47:
                    d0:24:a5:44:bc:29:94:41:85:ee:4b:0b:39:b0:e5:
                    bd:aa:b2:33:58:58:f5:24:e3:96:22:bb:34:bf:86:
                    51:3f:e8:60:26:29:dd:47:44:7f:c2:6a:a0:5a:cb:
                    93:4a:01:12:25:cb:cc:b8:20:0e:79:a8:a8:94:ad:
                    f7:aa:f6:f1:4b:75:f7:6b:b6:6d:84:7f:d8:38:c8:
                    b2:2b:05:41:ae:86:b1:cc:b0:a7:d9:d1:d5:46:43:
                    1d:22:22:ee:05:67:85:3e:69:9d:cb:17:ff:6f:6a:
                    f5:52:d5:e3:4a:6a:fe:c2:fc:e4:40:f4:80:39:1c:
                    d8:b4:6a:d5:07:cf:08:b9:b4:97:b2:9f:c3:5d:48:
                    01:e0:bc:b4:f1:8e:61:1c:80:cf:98:0d:f5:8a:c4:
                    12:f0:b2:68:5c:fc:1b:04:4e:18:da:f2:0d:2e:69:
                    7d:87:b8:ec:74:ff:98:39:95:69:8e:54:cc:28:da:
                    c3:24:05:f0:d0:59:20:eb:c2:42:97:9b:f5:c0:ee:
                    d3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:89:83:C6:96:1C:F1:98:71:18:3B:E9:90:9C:82:67:39:C0:39:87
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/l4mDxpYc8ZhxGDvpkJyCZznAOYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:b9:46:56:83:4f:ad:2d:97:b9:55:60:64:7b:17:19:1a:e6:
         ad:c4:4e:e7:ca:72:b2:48:41:a9:c4:87:01:2e:c4:76:eb:b5:
         94:e4:6d:6f:97:c0:96:d3:88:8d:6b:3b:e4:b9:2e:35:f1:df:
         e6:49:0e:50:08:bd:c2:d3:9a:3b:13:3f:f0:09:97:78:e7:14:
         c4:15:43:06:94:01:4e:23:5f:41:20:37:d1:b7:ad:eb:78:10:
         e2:a9:d5:26:50:3f:8b:b8:4d:68:9e:8f:b5:36:3f:b5:81:59:
         e0:30:8d:84:f3:f7:3a:bd:9f:4a:dd:3d:9b:ca:10:23:28:ff:
         fc:29:12:91:16:3a:ab:fc:ac:58:b0:0d:a5:a3:f3:97:43:6e:
         48:45:69:ab:d5:8b:f0:4f:fb:83:13:f6:7d:8c:c7:e9:4c:3d:
         d8:3a:df:c8:65:5f:5d:3f:3f:ff:52:9f:77:11:50:54:0d:3b:
         41:34:1f:5c:a2:3c:54:6f:d2:83:d2:44:e5:b8:69:1f:6e:e3:
         1c:b9:b5:38:21:07:da:52:88:a8:27:e3:7f:60:30:ca:bf:f2:
         0a:c5:80:59:a8:54:ad:92:da:18:1e:08:3a:1e:76:39:f9:d7:
         02:09:3e:3b:19:69:ac:0b:d9:b0:0b:93:3d:f4:9c:bb:9a:c5:
         0b:d7:55:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tBsyNCW1WVp/h02WeTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzg5ODNjNjk2MWNmMTk4NzExODNiZTk5MDljODI2NzM5YzAzOTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfLKKx4sdYku6IJwaX1VqjHAFOWd
UaZZa7qY8s0uG8uF5J0i6DEP7UOV9oaUhhf/44otcsKR+LydzUfQJKVEvCmUQYXu
Sws5sOW9qrIzWFj1JOOWIrs0v4ZRP+hgJindR0R/wmqgWsuTSgESJcvMuCAOeaio
lK33qvbxS3X3a7ZthH/YOMiyKwVBroaxzLCn2dHVRkMdIiLuBWeFPmmdyxf/b2r1
UtXjSmr+wvzkQPSAORzYtGrVB88IubSXsp/DXUgB4Ly08Y5hHIDPmA31isQS8LJo
XPwbBE4Y2vINLml9h7jsdP+YOZVpjlTMKNrDJAXw0Fkg68JCl5v1wO7TBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeJg8aWHPGYcRg76ZCcgmc5wDmHMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbDRtRHhwWWM4Wmh4R0R2cGtKeUNaem5BT1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrH9MA0G
CSqGSIb3DQEBCwUAA4IBAQAVuUZWg0+tLZe5VWBkexcZGuatxE7nynKySEGpxIcB
LsR267WU5G1vl8CW04iNazvkuS418d/mSQ5QCL3C05o7Ez/wCZd45xTEFUMGlAFO
I19BIDfRt63reBDiqdUmUD+LuE1ono+1Nj+1gVngMI2E8/c6vZ9K3T2byhAjKP/8
KRKRFjqr/KxYsA2lo/OXQ25IRWmr1YvwT/uDE/Z9jMfpTD3YOt/IZV9dPz//Up93
EVBUDTtBNB9cojxUb9KD0kTluGkfbuMcubU4IQfaUoioJ+N/YDDKv/IKxYBZqFSt
ktoYHgg6HnY5+dcCCT47GWmsC9mwC5M99Jy7msUL11Xi
-----END CERTIFICATE-----